Get your organization back up and running.

If you've ever found your car window smashed and your personal
possessions gone, you know that sickening feeling. Security intrusions
and data theft can feel a lot like that.

We realize that situations requiring forensic expertise can be
challenging to manage and resolve. You need a solid partner who can
get to the bottom of the incident, help you make sense of it and
reduce the likelihood of it occurring again.

Whether it is investigating a breach of credit card numbers or
recovering sensitive data, Sikich has the experience and ability to
dissect even the most complicated forensic cases and bring them to a
close. Using the latest industry-respected toolkit—along with an
arsenal of custom tools and know-how—our investigators work
tirelessly to discover what happened to your data and how it was
accessed.

What to Do If You've Experienced a Breach

The moments after a breach are of the utmost importance and can
significantly impact your organization and the effectiveness of a
forensic investigation. If you suspect a computer systems intrusion or
breach, you should:

Immediately Contain and Limit the Exposure

The goal of containing and limiting the exposure is to keep the breach
from spreading. If you are unable or uncomfortable performing any of
the following steps, the Sikich Forensic Team will be able to assist
you.

Do NOT access or alter compromised systems (e.g., do not log on or
change passwords).

Do NOT turn off the compromised machine. Instead, isolate
compromised systems from the network (e.g., unplug the network
cable). If for some reason it is necessary to power off the machine,
unplug the power source.

Do NOT shutdown the system or push the power button (because it can
sometimes create a "soft" shutdown), which modifies system
files.

Preserve logs and electronic evidence. A forensic hard drive
image will preserve the state on any suspect machines. Any
other network devices (such as firewalls, IDS/IPSes, routers, etc.)
that have logs in the active memory should be preserved. Keep all
past backup tapes, and use new backup tapes for subsequent backups
on other systems.

Log all the actions you have taken, including composing a timeline
of any knowledge related to the incident.

If using a wireless network, change SSID on the wireless access
point (WAP) and other machines that may be using this connection
(with the exception of any systems believed to be compromised).

Alert All Necessary Parties Within 24 Hours

The card associations and your merchant bank if the breach is part
of a cardholder data segment.

The local FBI office and/or U.S. Secret Service (file a complaint
online at http://www.ic3.gov).

How We Can Help

Sikich speaks at security and law enforcement conferences across
the country. We develop and maintain tools in wide use within the
security community. We also work with law enforcement at local,
state and federal levels to bring cyber criminals to justice, and we
maintain relationships that allow us to easily work with officers
and prosecutors.

Sikich is a highly-qualified and widely recognized forensic
investigator and is one of the few companies approved and certified
by the Payment Card Industry Security Standards Council (PCI SSC) as
a PCI Forensic Investigator (PFI) to perform this difficult and
complex task within the payment card industry.

Forensic Investigations

We respond quickly to provide an expert forensic team to contain the
breach, salvage data, perform an investigation, and get your
organization back up and running. Our proven methods and techniques
enable you to properly respond to the attack, secure your
environment and meet all legislative and industry requirements.

We are uniquely equipped. Along with our many certifications and
qualifications, you can rest assured that it will not escape our
eyes in our dedicated forensic lab with state-of-the-art equipment
and software. We provide:

Detailed physical inspections to uncover evidence of tampering or
other physical breaches

Code review of affected applications in nearly any programming
language

Advice for reducing the risk of future breaches

Detailed reports that allow you to have a complete, documented view
into your case

Data Recovery

Malicious employees, computer hackers, physical disasters and mistakes
can all lead to the inadvertent destruction of critical data. Even if
files are deleted or systems fail, it can still be possible to recover
the contents of the system to bring your organization back on-line
quickly.

Electronic Litigation

Organizations can find themselves in a position where a technical
expert is needed to defend a lawsuit. Electronic litigation provides
the expert testimony that is occasionally required to support a case.
Proven methods and proper chain of custody procedures are used to
support the evidence in a court of law.

Breach Disclosure

Laws and regulations governing breach disclosures can be tough to
understand and keep track of. Requirements can vary from state to
state. Some legislation, like the California State Bill 1386, requires
companies to notify state residents if any personal information is
leaked. Sikich helps you stay up-to-date with the requirements that
apply to your organization, should a breach occur.

Electronic Discovery (E-Discovery)

In some civil litigations, electronic discovery may be necessary to
extract and analyze electronically stored information that could be
pertinent to the case. Sikich will not only assist with the
extraction and analysis of the data, but will also effectively
coordinate efforts with lawyers, IT staff and any other relevant
parties.

If you discover that someone has compromised your network, you will
likely have trouble thinking clearly. The time to do that thinking and
plan for a security incident is in the conference room when the
network is purring along as designed and you can have the full
attention of the relevant team members. Bring them together at least
annually and take a critical look at your incident preparedness.

During the hundreds of security and compliance assessments that I've
helped deliver, I've seen just as many Incident Response Plans (IRP).
As you might imagine, the quality varies. While many are designed
around a regulatory compliance mandate or a popular template with
required and standard language, a common problem that I see is lack of
real-world usability.

Many of our readers are subject to one or more regulatory compliance
mandates with specific requirements addressing IRP. I'll stay away
from those requirements and simply share some usability tips that I
hope are helpful. Read more »

Trust your forensic investigation to the experts at Sikich.

All it takes is your name and phone number or email address to learn more
about our services and expertise. If you'd like, you'll also be able to
send additional details after you submit your information here.